F-A Payment 20-26 force.xlsx

Status: finished
Submission Time: 19.03.2020 13:18:02
Classification: Malicious, Trojan, Spyware, Exploiter, Evader, Lokibot

Details

  • Analysis ID:
    216498
  • API (Web) ID:
    330015
  • Analysis Started:
    19.03.2020 13:18:03
  • Analysis Finished:
    19.03.2020 13:26:30
  • MD5:
    351e475408b1e5b17d86db870c0c7503
  • SHA1:
    14e8373f13a86fe7e59c6329059b3f04f44c94e7
  • SHA256:
    85e304a7985827fc7c48ffc1a2aa228eb81b24de7c3651d88535d6015db92874
  • Technologies:

Reports (report, info, verdict, score)

  • Verdict: malicious
  • Full Report: System: Windows 7 SP1 (with Office 2010 SP2, IE 11, FF 54, Chrome 60, Acrobat Reader DC 17, Java 8.0.1440.1, Flash 30.0.0.113); verdict malicious, score 100/100
  • (engine not named): verdict malicious, score 23/60
  • (engine not named): verdict malicious, score 11/45

IPs

IP (country; no detection listed)

  • 185.147.80.213 (Russian Federation)
  • 45.143.138.47 (Russian Federation)
  • 103.133.106.239 (Viet Nam)

Domains

Name, resolved IP (no detection listed)

  • cpf-th.com, resolves to 45.143.138.47
  • green9wsdyelectronicsandkitchenappliance.duckdns.org, resolves to 103.133.106.239

URLs

Name (no detection listed)

  • http://cpf-th.com/dark/five/fre.php
  • http://green9wsdyelectronicsandkitchenappliance.duckdns.org/office360/regasm.exe
  • http://www.ibsensoftware.com/
  • https://curl.haxx.se/docs/http-cookies.html

Dropped files

Name and file type (hashes and detection columns are empty in the report)

  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SQEVR752\regasm[1].exe
    PE32 executable (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Roaming\vbc.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
  • C:\Users\user\Desktop\~$F-A Payment 20-26 force.xlsx
    data
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\64CBAD52.jpeg
    gd-jpeg v1.0 (using IJG JPEG v80), quality = 90", baseline, precision 8, 700x990, frames 3
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\99303755.emf
    Windows Enhanced Metafile (EMF) image data version 0x10000
  • C:\Users\user\AppData\Local\Temp\data.xml
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Roaming\85CB65\5E97AF.lck
    very short file (no magic)
  • C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-290172400-2828352916-2832973385-1004\ce1d9ab061b5b7ff17c765603e761dae_0f4f5130-48fa-4204-b1c4-585fbb81cd25
    data